package com.mercury.config;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;

/**
 * @author ：tx
 * @description：
 * @date ：Created in 2019/3/12 9:30
 * @modified By：
 * @version:
 */
@EnableWebMvc
@EnableWebSecurity
public class MercurySecurityConfig extends WebSecurityConfigurerAdapter {
    
    /**
     * @author tx
     * @description  通过roles 角色名称变为：ROLE_USER
     * withUser 为内存用户添加新用户
     * @date  2019/3/12 10:22
     * @param  * @Param: auth
     * @return void
    **/
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //2.基于关系型数据库的数据源配置
       /* @Autowired
        DataSource dataSource;*/

        //1.基于内存存储信息
        auth
            .inMemoryAuthentication()
            .withUser("mercury").password("123").roles("USER")
            .and()
            .withUser("admin").password("123456").roles("ADMIN","USER");


        //2.基于关系型数据库
        /*auth
                .jdbcAuthentication()
                    .dataSource(dataSource) //如果只写到这里 那也是可以注册信息的  只是会对数据库的表有些要求
                        .usersByUsernameQuery("select username,password,true from myuser where username=?")//重写认证sql
                        .authoritiesByUsernameQuery("select username,'ROLE_USER' from myuser where username=?") //重写权限sql
                        .passwordEncoder(new StandardPasswordEncoder("53cr3t")); //secuity会拦截用户的密码 并加密 再与数据库中已加密的数据做比较*/

        //基于接口
       /* auth.userDetailsService(new UserService());*/
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()  //返回的对象的方法可以用来配置请求级别的安全细节
                    //.anyRequest().authenticated();
                    .antMatchers("/mineController/secretMessage").hasRole("USER") //如果访问该路径 则角色需要是role_user
                   // .antMatchers("/mineController/secretMessage").access("hasAnyRole('USER') and authentication() ") //使用access方式
                    .anyRequest().permitAll()
                .and()
                .requiresChannel()
                    .antMatchers("/mineController/form").requiresSecure()
                    .antMatchers("/mineController/*").requiresInsecure()
                .and()
                    .formLogin()
                    .loginPage("/mineController/login")
                    .loginProcessingUrl("/mineController/checkMessage")  //和页面上表单的action要一致
                .and()
                    .rememberMe()
                    .tokenValiditySeconds(2419200)
                    .key("mercuryKey")
                .and()
                    .logout()
                    .logoutUrl("/mineController/logout")
                    .logoutSuccessUrl("/mineController/login");
                /*.and()
                    .httpBasic();*/
              /*  .and()
                    .csrf().disable();*/
    }
}
